<?php
ob_start();
session_start();
include_once  ("connect.php");

$strSQL = "SELECT * FROM member WHERE m_username = '" . trim($_POST['username']) . "' and m_password = '" . trim($_POST['password']) . "'";
$objQuery = mysql_query($strSQL);
$objResult = mysql_fetch_array($objQuery);
if (!$objResult) {
    echo "	<script language='javascript'>
					alert('ไม่ได้สามารถเข้าได้');
					window.location='index.php';
					</script>
	  ";
} else {
    $_SESSION["UserID"] = $objResult["m_id"];
    $_SESSION["Username"] = $objResult["m_username"];
    $_SESSION["Status"] = $objResult["m_status"];

    session_write_close();

    if ($objResult["m_status"] == "ADMIN") {
        header("location:admin/home.php");
    } else {
        header("location:user/home.php");
    }
}
mysql_close();
?>